TheThing: an open-source tool to detect DOM Clobbering vulnerabilities
☆57 · Oct 25, 2023 · Updated 2 years ago
Alternatives and similar repositories for TheThing
Users that are interested in TheThing are comparing it to the libraries listed below
- DOM Clobbering Wiki, Browser Testing, and Payload Generation ☆61 · Dec 18, 2025 · Updated 2 months ago
- TheHulk is a dynamic analysis tool designed to detect and exploit DOM Clobbering vulnerabilities. ☆91 · Aug 25, 2025 · Updated 6 months ago
- A framework for the detection of COSI vulnerabilities / XS-Leaks ☆14 · Mar 29, 2023 · Updated 2 years ago
- HTML Universal Identifier ☆65 · Dec 15, 2024 · Updated last year
- Clickme is a powerful multi-step clickjacking tool designed for security professionals. Create, visualize, and demonstrate complex clickj… ☆14 · Sep 4, 2025 · Updated 6 months ago
- Silent Spring: Prototype Pollution Leads to Remote Code Execution in Node.js ☆75 · Jan 21, 2024 · Updated 2 years ago
- A utility to fetch and display DNS names from the SSL/TLS cert data ☆16 · Aug 11, 2023 · Updated 2 years ago
- Collection of over 9000 xss payloads | heavy xss collection ☆13 · Dec 6, 2022 · Updated 3 years ago
- NodeJS File Write to RCE on a read-only filesystem using a ROP chain in libuv ☆38 · Oct 13, 2024 · Updated last year
- A collection of client-side libraries with HTML injection vulnerabilities and DOM clobbering gadgets. ☆48 · Aug 31, 2025 · Updated 6 months ago
- JavaScript file change monitoring ☆17 · Nov 11, 2025 · Updated 3 months ago
- ☆25 · May 21, 2025 · Updated 9 months ago
- Burp Suite's extension to scan and crawl Single Page Applications ☆107 · Apr 14, 2023 · Updated 2 years ago
- CLI tools using Harpoon features ☆24 · Nov 7, 2023 · Updated 2 years ago
- PP-finder helps you find gadgets for prototype pollution exploitation ☆189 · Aug 8, 2024 · Updated last year
- YuraScanner ☆73 · Feb 13, 2025 · Updated last year
- A repo for tools, utils, and wrappers that are too small to put in their own repo. ☆23 · Mar 18, 2023 · Updated 2 years ago
- ☆15 · Sep 21, 2019 · Updated 6 years ago
- A browser extension that allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations. ☆773 · Dec 9, 2025 · Updated 2 months ago
- jxscout superpowers JavaScript analysis for security researchers ☆422 · Feb 15, 2026 · Updated 2 weeks ago
- Repro for Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server! ☆21 · Aug 25, 2024 · Updated last year
- A nostalgic journey back to the era of retro RPGs with a cyber twist in the theme of Die Hard ☆31 · Sep 2, 2023 · Updated 2 years ago
- Bug bounty domain manager with validation, exports & Redis storage ✨ ☆29 · Jun 5, 2025 · Updated 9 months ago
- Easily gather all routes related to a NextJs application through parsing of _buildManifest.js ☆67 · Dec 12, 2022 · Updated 3 years ago
- A powerful bash script for massive XSS scanning leveraging Brute Logic's KNOXSS API ☆75 · Jan 24, 2025 · Updated last year
- ☆29 · May 22, 2024 · Updated last year
- 0xJS is an AI-powered JavaScript Security Tool ☆40 · Updated this week
- Testability Pattern Catalogs for SAST ☆32 · Feb 18, 2025 · Updated last year
- CVE-2023-6063 (WP Fastest Cache < 1.2.2 - UnAuth SQL Injection) ☆29 · Nov 15, 2023 · Updated 2 years ago
- A collection of Server-Side Prototype Pollution gadgets and exploits ☆225 · Feb 6, 2025 · Updated last year
- Prototype Pollution and useful Script Gadgets ☆1,589 · Jan 27, 2024 · Updated 2 years ago
- ☆35 · Oct 29, 2021 · Updated 4 years ago
- AssetViz simplifies the visualization of subdomains from input files, presenting them as a coherent mind map. Ideal for penetration test… ☆37 · Feb 15, 2026 · Updated 2 weeks ago
- A simple utility to quickly gather historic Port and CVE exposures from an IP range. ☆41 · Nov 12, 2023 · Updated 2 years ago
- ☆17 · Feb 20, 2026 · Updated 2 weeks ago
- Prototype Pollution exploits collection ☆37 · Aug 8, 2021 · Updated 4 years ago
- Burp Suite extension that makes your life easier by tucking the headers out of the way, so you can see the body content right away withou… ☆39 · Oct 23, 2023 · Updated 2 years ago
- A resource for those who want to learn and get deep into client-side bugs ☆426 · Dec 8, 2024 · Updated last year
- ☆95 · Sep 18, 2021 · Updated 4 years ago